[URSpider94]

WiFi as a location technology is well-known -- http://www.skyhookwireless.com for example has been selling this data for a decade.

What seems to be new here is that Android is very permissive and leaky with WiFi access point data, which allows an app to reverse-engineer location without specifically asking permission to know your location.

Your claim that Android scans for AP's even when WiFi is off is a very interesting one, which raises a lot of concern for privacy but also for RF interference -- if I say I want a radio to be off, then I expect it to be OFF, dammit!

[sapski]

It's true: Skyhook, Google, Apple, and Microsoft have been doing it for a while. Even more, there are free databases that you can use to map WiFi routers to locations (for example wiggle.net), but for some reason this is still not enough for Google to treat WiFi as equivalent to location. This also has consequences in age rating: if you explicitly require location access, you fall into a different age category than if you require "only" the WiFi permission.

You can control the scanning settings in settings -> WiFi -> advanced -> scanning always available. It's ON by default, but you can disable it there.

Apart from what you mention, what is new is the measurement of how many access point you actually need to know to track my location: it's costly to look up all the routers I see during a day, but we show that people spend a vast majority of the time close to a very small number of unique access points (~20 routers per person over 6 months).

[sevenadrian]

Yeah, agreed, this was the point that stood out to me the most. Privacy, battery usage, interference, simply not obeying instructions, etc..